An unpatched local privilege escalation (LPE) vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free fix today through the 0patch platform. The zero-day bug affects all impacted devices, enrolled in Microsoft’s Extended Security Updates (ESU) program or not until the company will release its own security updates to ESU customers. The LPE vulnerability stems from the misconfiguration of two service registry keys and it enables local attackers to elevate their privileges on any fully patched system.
Source: https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-zero-day-bug-gets-a-free-patch/